Deprecated: Authenticating Using the X-VP-AUTH-API Key and X-VP-AUTH Token

Attention: We have made major changes in our authentication infrastructure
to support the OAuth 2.0 protocol and we strongly recommend clients
with existing integrations to upgrade as soon as possible. If you have an existing
integration and want to upgrade, please contact your Account Manager for further
assistance. For more information, refer to Authentication.

The old way of authenticating, using the X-VP-AUTH-API key or X-VP-AUTH token, is
still supported for existing integrations but it is not used for new ones. If you
are already following best practices in your REST API integration, then you are not
affected by the authentication upgrade at all. However, the upgrade affects
integrations using the X-VP-AUTH token.

Effects of the Authentication Upgrade on Integrations Using the X-VP-AUTH
Token

Previously generated X-VP-AUTH token was valid for 1 hour and the client got a
new X-VP-AUTH token on every backend request. Now, integrations using X-VP-AUTH
token for more than an hour need to re-authenticate their session when given
401 (Unauthorized) response back, because we no longer
generate a new X-VP-AUTH token on each new request.

Integrations that are looking for parameters other than X-VP-AUTH header or
Cookie in the authentication response no longer work. Clients should solely rely
on X-VP-AUTH header or Cookie parameter for authenticated session.

If you are one of the clients who are affected by this upgrade, please make sure you
have the following behavior when getting the authorization token:

Your integration must read X-VP-AUTH from Response Header or Cookie.

Make sure your integration handles re-authentication when given 401 response for
an operation.

Note: If you need more information on the old authentication mode, using the
X-VP-AUTH-API key or X-VP-AUTH token, please contact Technical Support or your
Account Manager.